lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1FdQLC-000ouEC@finlandia.Infodrom.North.DE> Date: Tue May 9 12:26:46 2006 From: joey at infodrom.org (Martin Schulze) Subject: [SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1054-1 security@...ian.org http://www.debian.org/security/ Martin Schulze May 9th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : tiff Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026 BugTraq IDs : 17730 17732 17733 Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. CVE-2006-2025 An integer overflows allows attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1. For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your libtiff packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc Size/MD5 checksum: 637 cf22045e1a49b2742c91b7f0a905adeb http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz Size/MD5 checksum: 38424 d087fb3914b10aef86959b9ed52ec955 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8 Alpha architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb Size/MD5 checksum: 141492 484fe914264072028ef4b02b97300ea8 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb Size/MD5 checksum: 106130 65673af7006686eb2718f45abfb39130 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb Size/MD5 checksum: 423888 2bc86fdbf9c751ac7173889e53d6ddcc ARM architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb Size/MD5 checksum: 117008 1f272257c4987092ff80563840acd4e3 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb Size/MD5 checksum: 91560 e84fa486a3f25e69d7d6b093a8d890e4 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb Size/MD5 checksum: 404854 b709c95f40e52e4e1003dbf6e5c768f7 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb Size/MD5 checksum: 112074 0f9fb0719cb1ed7b5954b8c70d9c9049 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb Size/MD5 checksum: 82018 c8f11403adfa3ec5695d5468f56401b2 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb Size/MD5 checksum: 387406 1c2350b56c49cde7b899d6e8261397ec Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb Size/MD5 checksum: 158788 883e3b5861f0f3610e6d1005ca760d3d http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb Size/MD5 checksum: 136620 846e662216862a10e53e282a316400a6 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb Size/MD5 checksum: 447038 73838b902a9dd1bb26146a397eb692db HP Precision architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb Size/MD5 checksum: 128282 eea419b6a514c4971d8cce8afe701b6e http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb Size/MD5 checksum: 107664 b71f9194d14e10758a13259654fcc410 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb Size/MD5 checksum: 420756 235956ededa69f803954040c8be01033 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_m68k.deb Size/MD5 checksum: 107256 9d10fc534cf1bf95c16dd5db5373334c http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_m68k.deb Size/MD5 checksum: 80700 9a1986ea34f0b86b3bfb5255315528d5 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_m68k.deb Size/MD5 checksum: 380346 7ec9a504a5c39a3d2e2bddec81be6bc6 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mips.deb Size/MD5 checksum: 124018 a4f309ec307e0b965578ed940d4a0ea9 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mips.deb Size/MD5 checksum: 88772 1923797ce7bcc87a5717e9916314ba06 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mips.deb Size/MD5 checksum: 411214 f27e5579da8ca6a547286e5e7585cb86 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mipsel.deb Size/MD5 checksum: 123542 ea78a9c8d14ff4627b7f01846334789b http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mipsel.deb Size/MD5 checksum: 89078 6cb7602c3c14127a9df23b4b250a90cf http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mipsel.deb Size/MD5 checksum: 411310 b2b76ce9f914e4f8b27f4587a0777ccc PowerPC architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_powerpc.deb Size/MD5 checksum: 116098 3b39efd8b84ee2e30c9f5bae6e71733b http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_powerpc.deb Size/MD5 checksum: 90574 b0d0cff70a07f0257ec0ebeb58e34d37 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_powerpc.deb Size/MD5 checksum: 403134 b56fb0d12f26942ab109256bcf2b6c5f IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_s390.deb Size/MD5 checksum: 116916 e2bf80099e059ded08e58da8cecf296f http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_s390.deb Size/MD5 checksum: 92756 e2fedfbfd543ffdbcfbe670b63f6a7bc http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_s390.deb Size/MD5 checksum: 395662 0648812bd3022237c75085deba6524c3 Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_sparc.deb Size/MD5 checksum: 132898 427a7a7666e5d5099368fc8290652e9a http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_sparc.deb Size/MD5 checksum: 89748 1d42ae0eb84771f168696e118762a5c9 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_sparc.deb Size/MD5 checksum: 397464 380f640a527e6a2cc659bd191f168631 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.dsc Size/MD5 checksum: 750 5292d79663e45dc1a815fdf4fbced88f http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz Size/MD5 checksum: 10929 0dc2c9b82a80b9aa72844089feeaf5b2 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00 Alpha architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_alpha.deb Size/MD5 checksum: 46780 32137fed99cfe1e4abf975b76e53e534 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_alpha.deb Size/MD5 checksum: 243516 cebb5556cac9f8a2989ce719175510de http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_alpha.deb Size/MD5 checksum: 478224 075e9d2d41cecc0a12099004e2a3f5e5 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_alpha.deb Size/MD5 checksum: 309642 b21266c7e4769ff718441113d6f06776 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_alpha.deb Size/MD5 checksum: 40902 1300556889de2ca4a1db5fa67faf521d AMD64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_amd64.deb Size/MD5 checksum: 45708 aa3ec93031ee68464e1d179fa93a996d http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_amd64.deb Size/MD5 checksum: 217720 95fba37c5822a8a76b049ff7c8f0e3e3 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_amd64.deb Size/MD5 checksum: 459198 f73e3337905b20f021f21430e5d1cd6a http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_amd64.deb Size/MD5 checksum: 266792 1d05b2504f1024b4ea1e42b939dd23d3 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_amd64.deb Size/MD5 checksum: 40466 e99bcfb2c1c196a3a5883645e0e87f59 ARM architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_arm.deb Size/MD5 checksum: 45226 493405e066e7e4e34382785c61ed63aa http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_arm.deb Size/MD5 checksum: 208348 cebc75bc41462e3bbec3bb680782f2ae http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_arm.deb Size/MD5 checksum: 453422 17e77299f3cfed68c18d45e49bfb0cdc http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_arm.deb Size/MD5 checksum: 265098 a7fe69596d51036b8bc1aca3ddb4ffce http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_arm.deb Size/MD5 checksum: 39974 0bcc5bbbca1a4a5e68c4915e71aa5264 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb Size/MD5 checksum: 45070 6d615bf5aabdb87e53b392e56d67a31c http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_i386.deb Size/MD5 checksum: 206070 d243294914c50dd2184459ac4056d4da http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_i386.deb Size/MD5 checksum: 452436 aaa4c81b1731ea3b936cef591ae0094d http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_i386.deb Size/MD5 checksum: 251548 c769d9abda84f2581a0918d8d0e14ad6 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_i386.deb Size/MD5 checksum: 40518 1d1983f8b8d910d829024f0e68c3f430 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_ia64.deb Size/MD5 checksum: 48174 95f9a574537c9e4749b61d36ba7f0c4b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_ia64.deb Size/MD5 checksum: 268840 e7ada3b6f4dede0cc615f2e357c7f1b6 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_ia64.deb Size/MD5 checksum: 510948 baa9e6bb3e5b47c20f12648c683ad650 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_ia64.deb Size/MD5 checksum: 330612 7e23b99dfd8e7611ce90eec63ee7f298 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_ia64.deb Size/MD5 checksum: 42102 4398a87b268ef69b54adac33e616252e HP Precision architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_hppa.deb Size/MD5 checksum: 46506 626e3e1f6704a8f1660c079c15c55f5d http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_hppa.deb Size/MD5 checksum: 230020 a7a58223d62a7929b7810628efaf7ec4 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_hppa.deb Size/MD5 checksum: 472842 c051e1c0b5853f695c193ac6e45996ff http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_hppa.deb Size/MD5 checksum: 281488 ac8dff3f4c0e06f9634871431da84272 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_hppa.deb Size/MD5 checksum: 41158 58bbe3291069c661e9ec2206ea15b787 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_m68k.deb Size/MD5 checksum: 45082 5b41876dbeb2620959880fe2255151c3 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_m68k.deb Size/MD5 checksum: 193346 d19e70706a4f421421360dcbf50f79bc http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_m68k.deb Size/MD5 checksum: 442584 feb24367354884bfbcb260fc81308192 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_m68k.deb Size/MD5 checksum: 234324 e15dd919316bb5a1392b2c8a1c1d230a http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_m68k.deb Size/MD5 checksum: 40108 0c96a6175862ef00c892752b91f4558f Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mips.deb Size/MD5 checksum: 45966 01b790d715989a69e712102d7f75bb9b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mips.deb Size/MD5 checksum: 252098 703f77c67402e375af6042803c0a853c http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mips.deb Size/MD5 checksum: 458446 39e019da604ea401404262d1148e67e2 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mips.deb Size/MD5 checksum: 280364 e69fd2380a2aac192e81f548461586db http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mips.deb Size/MD5 checksum: 40746 ecc9da81ea37deff720a8a1f4b146680 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mipsel.deb Size/MD5 checksum: 45924 2cf8e9413e317a7ca6db5a25115e3198 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mipsel.deb Size/MD5 checksum: 252556 c0bc05bdc88e29e400bc011457b8e80c http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mipsel.deb Size/MD5 checksum: 458864 8c07f54637d99e347f3a87fd2e40ef21 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mipsel.deb Size/MD5 checksum: 280238 94681c55971b4fe94869ad558e625139 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mipsel.deb Size/MD5 checksum: 40730 9482ea1a711ff8cec430b1c909c2dc58 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_powerpc.deb Size/MD5 checksum: 47144 96335b6a94658bb97852948f6abd538a http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_powerpc.deb Size/MD5 checksum: 235298 d77e58b3988c957830e076beefba79ec http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_powerpc.deb Size/MD5 checksum: 460428 2185eb42d4629fd7615c6d267a8d3f64 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_powerpc.deb Size/MD5 checksum: 271916 4eb6af54a34a4441819248611e2b2ed3 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_powerpc.deb Size/MD5 checksum: 42316 5d14ce57ad1b666dbe99301221623d9c IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_s390.deb Size/MD5 checksum: 46096 c275b88c86572311c723910cf626305e http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_s390.deb Size/MD5 checksum: 213682 96082e599832fb8d0a7e9df202ee411b http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_s390.deb Size/MD5 checksum: 465848 c90098e745601ac1409d18144a55d32f http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_s390.deb Size/MD5 checksum: 266562 b378324e62843c012a0bf64a24da00d5 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_s390.deb Size/MD5 checksum: 40742 eeabd51cc38bb74ede6c5b0c9c7dca78 Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_sparc.deb Size/MD5 checksum: 45394 3bcb5ac9c212b0aace2c71b8812d5e52 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_sparc.deb Size/MD5 checksum: 205236 58f316a2cc2041988b64551a70b45cef http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_sparc.deb Size/MD5 checksum: 454594 01c1d5c7d7ee0fa4729a1bfa83fd9273 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_sparc.deb Size/MD5 checksum: 257742 b8af195da2e880cbae59826bf84b8d32 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_sparc.deb Size/MD5 checksum: 40470 02164452e05683ad474441be7beadb37 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEYHwhW5ql+IAeqTIRAlqEAJ44sh0nDlwv3udX8lDFsSlaxPl4zgCeIlA+ X6GeKPzGGps9iWfbU2hx414= =MsHz -----END PGP SIGNATURE-----